PCI Requirement 10.5.5 – Use File-Integrity Monitoring or Change-Detection Software on Logs to Ensure that Existing Log Data Cannot be Changed Without Generating Alerts

by Randy Bartels / December 20, 2022

File-Integrity Monitoring: PCI Requirement 10.5.5 requires organizations to use file-integrity monitoring or change-detection software on logs to ensure that existing log data cannot be changed without generating alerts (although new data being added should not cause an alert). The PCI DSS guidance explains that file-integrity monitoring or change-detection systems check for changes to critical files and provide notification when such changes are noted. Organizations usually monitor files that don’t…

PCI Requirement 10.5.4 – Write Logs for External-Facing Technologies onto a Secure, Centralized, Internal Log or Media Device

by Sarah Harvey / December 20, 2022

What is PCI Requirement 10.5.4? Another element to PCI Requirement 10 is PCI Requirement 10.5.4, which requires organizations to write logs for external-facing technologies onto a secure, centralized, internal log server or media device. The PCI DSS explains the purpose of PCI Requirement 10.5.4 when it states, “By writing logs from external-facing technologies such as wireless, firewalls, DNS, and mail servers, the risk of those logs being lost or…

PCI Requirement 10.5.3 – Promptly Back Up Audit Trail Files to a Centralized Log Server or Media that is Difficult to Alter

by Randy Bartels / December 20, 2022

Prevent Unauthorized Modifications: PCI Requirement 10.5.3 asks organizations to promptly back up audit trail files to a centralized log server or media that is difficult to alter. The purpose of PCI Requirement 10.5.3 is to support PCI Requirement 10.5 and prevent unauthorized modifications to audit trail files. The PCI DSS guidance also explains, “Promptly backing up the logs to a centralized log server or media that is difficult to…

PCI Requirement 10.5.2 – Protect Audit Trail Files from Unauthorized Modifications

by Randy Bartels / December 20, 2022

Unauthorized vs. Authorized Modifications: PCI Requirement 10.5.2 requires organizations to protect audit trail files from unauthorized modifications. What would an unauthorized modification look like? Audit trails contain all the correct information about events and incidents in critical systems, so malicious individuals will often seek to modify audit trails to hide their actions. What would an authorized modification look like? If an approved individual in an organization finds unencrypted cardholder…

PCI Requirement 10.5.1 – Limit Viewing of Audit Trails to Those with a Job-Related Need

by Randy Bartels / December 20, 2022

Policy of Least Privileges: Protection of audit trails requires strong access controls; once again, the policy of least privileges comes into play. Audit trails contain sensitive information that only some members of an organization should have access to. This is why PCI Requirement 10.5.1 requires organizations to limit viewing of audit trails to those with a job-related need. It’s important to note that the PCI DSS doesn’t state that…